
TINC VPN Start geändert
rcS Firewall für ppp0: alle eingehenden Verbindungen und gesamt ipv6 wird geblockt

Reinhard Russinger %!s(int64=6) %!d(string=hai) anos
pai
achega
bb0abcdf12

+ 11 - 6
board/GfA/Display001/rootfs/etc/init.d/M99tincd

@@ -1,24 +1,29 @@
-#!/bin/sh
 #
 # Start tincd
 #
 
+TINCVPN=gfa
+SERVER=` cat /etc/tinc/$TINCVPN/hosts/$TINCVPN | awk -F[=/\ ] '/Subnet/ {print $4}'`
+
 case "$1" in
   start)
-        echo -e "Starting tincd vpn ...\n"
-        tincd -n gfa
+        echo -e "Starting tincd vpn: $TINCVPN ...\n"
+        tincd -n $TINCVPN
+        ping -c 4 $SERVER
         ;;
   stop)
-        echo -e "Stopping tincd vpn ...\n"
-        tincd -n gfa -k
+        echo -e "Stopping tincd vpn: $TINCVPN ...\n"
+        tincd -n $TINCVPN -k
         ;;
   restart|reload)
         "$0" stop
+        sleep 3
         "$0" start
         ;;
   *)
         echo "Usage: $0 {start|stop|restart}"
+        echo "VPN: $TINCVPN: SRV: $SERVER"
         exit 1
 esac
 
-exit $?
+exit 0
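Review bot: `SERVER` is parsed from the hosts file on every invocation and then used unquoted in `ping -c 4 $SERVER`, so a missing file, a `Subnet=...` line written without spaces, or more than one `Subnet` line hands ping an empty or multi-word argument. Guarding the call, e.g. `[ -n "$SERVER" ] && ping -c 4 "$SERVER"`, and quoting the awk separator as `-F'[=/ ]'` would make the start path predictable. The new `exit 0` also hides a failed `tincd -n $TINCVPN` from whatever runs this script, whereas the old `exit $?` at least passed the last status on. The new side as shown no longer starts with `#!/bin/sh`, which is worth confirming is intended.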

+ 10 - 0
board/GfA/Display001/rootfs/etc/init.d/rcS

@@ -116,3 +116,13 @@ fi
 if [ "$BASEBOARD" == "DISPLAY002_DI4" -o "$BASEBOARD" == "DISPLAY002_RS485" ]; then
 	echo "$BOOTCNT ::"`date`" -- "`hwclock -ur` >> /etc/BOOTTIME 
 fi
+#===========================
+# disable all ipv6
+#===========================
+echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
+#===========================
+#Firewall ppp0, drop all incoming
+#===========================
+iptables -A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+iptables -A INPUT -i ppp0 -j DROP
+
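Review bot: The two `iptables` rules filter only the INPUT chain on `ppp0`, so packets arriving on `ppp0` that the kernel would route onward are not covered, for example towards the tinc interface if IP forwarding is enabled on this board, which the hunk does not show. If the device is not meant to route, add `iptables -A FORWARD -i ppp0 -j DROP` next to the INPUT rules. Neither command's exit status is checked, so a missing `state` match module or iptables binary would leave the interface unfiltered without any trace; logging a failure and adding a comment such as `# ppp0 is the untrusted uplink: allow replies only, drop new inbound` would help. Because the rules use `-A`, running rcS a second time appends duplicates.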